CMMC 2.0 Maturity Levels and NIST 800-171 


The original CMMC (version 1.0) was based on several cybersecurity guidelines, most prominently NIST 800-171. With the announcement of CMMC version 2.0 in early November 2021, however, the alignment between the frameworks and the NIST document has changed a bit. Fortunately, this change seems to be for the better, or at least more intuitive, for assessors and contractors. 

Here, we’ll discuss how the new CMMC 2.0 assessment levels align with NIST 800-171 and how this can help contractors more readily meet their security obligations once the new framework goes into effect. 

 


What Are Consent Requirements for GDPR Compliance?


The General Data Protection Regulation (GDPR) is a set of regulations enforced in the European Union to protect consumer data privacy and instill new controls over data ownership and use. While only having jurisdiction in the EU, this law has had a major impact on how companies do business in Europe, especially digitally. 

Here, we’ll discuss some of the compliance requirements in place under GDPR for consent and privacy. These requirements are deeply ingrained into GDPR law and impact the professional and technical operations of organizations operating in the EU. 

 


What Is a Zero-Day Exploit?


With news of the Log4Shell bug making the rounds in industry and mainstream media, security experts are scrambling to address the implications of widespread bug patches and shared open-source utilities.

Here, we want to address some of the terminology around the bug, specifically references to it as a zero-day exploit. We'll define zero-day exploits, explain why they are so dangerous, and describe how security firms address them.

 
